funsec mailing list archives
Re: EFI and security
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 15 Mar 2006 14:36:40 GMT
Larry,

One word: Rootkit. ;-)

- ferg

-- "Larry Seltzer" <larry () larryseltzer com> wrote:

There's been a lot of noise lately about Microsoft pulling EFI support from the initial versions of Windows Vista (http://www.eweek.com/article2/0,1895,1937668,00.asp - actually UEFI). EFI and UEFI are the next-generation replacements for the BIOS and are (here's the key to my inquiry) extensible. Essentially, it can provide for OS-independent device drivers with a standard driver interface to the operating system.

Here are some links:

Intel: http://www.intel.com/technology/efi/
Microsoft: http://support.microsoft.com/?kbid=303956
Wikipedia: http://en.wikipedia.org/wiki/Extensible_Firmware_Interface
The Unified EFI Forum: http://www.uefi.org/

The Microsoft delay is more a business matter having to do with OEMs not wanting to adopt the new spec. The new Intel-based Apple systems do use UEFI. The original EFI is an Intel spec, UEFI is a newer one released to the UEFI forum to make it less of an Intel-Inside thing.

I haven't read the specs closely enough, but since it can be extended through software that loads prior to the OS boot I'm curious about the security implications. The UEFI forum has this in their FAQ:

Q: Does UEFI increase security risks from viruses and the like?
A: Any firmware implementation has to take care to address security. UEFI does not change that for better or worse.

That's very nice, but it's basically just an assertion that nothing has changed when it has, of course. Has anyone looked at this more carefully? Will we have to start running UEFI anti-virus software? Or do we just say that this software is trusted and leave it at that?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.